Senior Information Security Advisor

You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.

Job Description:

Reporting to the Director, Security Advisory Services, the Senior Information Security Advisor is aligned with one of Sun Life’s line of business. The Senior Information Security Advisor manages the line of business ensuring Information Security Risk Assessments (ISRAs) for their initiatives are completed in a timely manner, security risks have valid action plans, and assists with compliance matters related to Information Security.

The Senior Information Security Advisor performs Information Security Risk Assessments (ISRAs) on initiatives, third-party/suppliers and applications, conducts contract reviews focused on security provisions, advises on security best practices, and reviews emerging security strategies. The Senior Information Security Advisor interacts and collaborates with various Sun Life teams, including Business, Architecture, Infrastructure, Compliance and Risk, Legal, and Privacy teams. There is also interaction with external third-party/suppliers.

What will you do - The successful candidate will:

• Provide support to Sun Life’s line of business initiatives and projects through conducting information security risk assessments, reviewing contracts to ensure inclusion of appropriate security provisions/requirements, performing supplier/third-party risk assessments, and advising on security best practices.
• Ensure the security controls implemented on their projects and initiatives align with Sun Life Security Policy and Directive requirements.
• Provide security consulting, using technical expertise, to guide and influence implementation of appropriate security controls in projects and initiatives to ensure the safeguarding and protection of Sun Life confidential information to prevent accidental disclosure, modification or destruction, and improve the overall security posture of Sun Life.
• Provide preliminary recommendations to the management team on information security related risks.
• Track and manage open information security risks to ensure corresponding risk remediation plans and target dates are in place. Work with respective risk owner to ensure risk action plans are valid and risks are remediated in a timely manner.
• Provide reporting to management team on status of information security risks assessments, identified risks, policy exception requests, and current work activities.

What you need to succeed:

• Minimum 7 years experience in Information Security and/or Information Technology (IT), preferably with experience in Information Security Risk Management.
• In-depth knowledge of Information Security and IT principles, protocols, practices, and industry standards.
• Strong understanding of existing and emerging Information Security technologies (e.g., encryption, network/web application firewall, IDS/IPS, advanced malware protection, DDoS, DLP, SIEM, etc.).
• Extensive knowledge of various attack/threat vectors and determine the corresponding security controls to minimize and/or remediate the risk.
• Strong understanding of cloud security and cloud-based technologies (e.g., AWS and Azure).
• Experience performing cloud security risk assessments.
• Experience performing risk assessments of cloud-based (SaaS) technologies including but not limited to AWS and Azure.
• Familiarity with contract wording and interpretation of security clauses.
• Post-secondary education (University degree or college diploma) in Computer Engineering, Computer Science, Information Technology, Information Security and Risk Management or comparable professional education/training in a field relevant to Information Security.
• Professional designation relating to Information Security (e.g., CISSP, CCSP, CISM, CISA) preferred.

Preferred Skills

• Excellent verbal communication skills - can interface with executives and negotiate with clients.
• Excellent writing skills with emphasis on report writing.
• Self-starter, can work with minimum supervision, strategic thinker, negotiator, and consensus builder.
• Strong consulting skills and ability to influence a win-win outcome.
• Ability to understand Sun Life’s diverse business units and work with them.
• Must be able to work with the business and interpret technical context into plain language.

Unique Requirements:

• As a condition of the role, the successful candidate must obtain a Government of Canada Reliability Status security clearance through Sun Life in advance of the start date.
• Reliability Security Clearance must be obtained prior to start date.

What’s in it for you:

• We’re honoured to be recognized as a 2024 Best Workplaces in Ontario by Great Place to Work Canada.
• We are thrilled to be recognized by Excellence Canada with their top-level certification, the Canada Order of Excellence for Mental Health at Work, for prioritizing employee well-being, fostering a positive work culture, and achieving excellence in mental health.
• We’re proud to be recognized as a company with a 2023 Most Trusted Executive team by Great Place to Work Canada.
• Wellness programs that support the three pillars of your health - mental, physical, and financial.
• The opportunity to move along a variety of career paths with amazing networking potential.
• As a hybrid organization, you and your leader use business and Client needs to choose where you work, at home or in the office.

Salary Range: 84,000/84 000 - 138,000/138 000

Job Category: IT - Technology Services

Posting End Date: 20/02/2025